Privacy Policy
PRIVACY NOTICE @fontSize>
As required under the U.S. Federal Trade Commission’s “Privacy of Consumer Financial Information Rules,” we are providing this privacy notice (this “Privacy Notice”) to individual investors residing outside of the EU (i.e., investors who are natural persons or “alter egos” of individuals (e.g., revocable grantor trusts, IRAs or certain estate planning vehicles)) in order to inform you of our privacy policies and practices with respect to your personal information. For purposes of this Privacy Notice and the EU and UK Privacy Notice and California Privacy Notice (in each case, as defined below), the terms “26North”, “we,” “us,” and “our” refer to 26North Partners LP and its affiliates. The California Privacy Notice supplements this Privacy Notice with respect to natural persons who are California residents and sets out additional information related to rights specific to these individuals. If and to the extent that it applies, the EU and Data Privacy Notice takes precedence over and replaces this general Privacy Notice.
Our Commitment to Your Privacy: We are sensitive to the privacy concerns of our investors and clients. We have a policy of protecting the confidentiality and security of information we collect about you. We are providing you this notice to help you better understand why and how we collect certain personal information, the care with which we treat that information, and how we use that information.
Information We Collect: In connection with the formation and ongoing activities of our private investment funds (or “funds”), we collect and maintain non-public personal information about our investors:
- Contact information: name, address, email, telephone number;
- Identification information: signature, date of birth, place of birth, citizenship, location of residence, social security number, taxpayer identification number, driver’s license, passport, other government identification and numbers;
- Background information: information required to perform, or revealed in, know-your-customer (KYC) and anti- money laundering (AML) due diligence, investor accreditation and consents;
- Financial information: assets, income, net worth, amounts and types of investments, risk tolerance, capital account balances, capital commitments, capital contributions, account data, other investment participation information, funds transfer information, beneficiaries, positions, percentages of fund, share or option numbers and values, vesting information, investment history, transaction information, tax status and information;
- Investment information: information about your interest in the relevant investment, including ownership percentage, capital investment, income and losses; and
- Technical or account information: electronic device and usage information (for example, from cookies and similar technology), registration information and online account data.
Sources of Non-Public Information: In connection with forming and operating our funds and/or performing asset management services for our investors and clients, we collect and maintain, or have collected on our behalf by the fund administrator, the categories non-public personal information set out above from the following sources:
- Information we receive from you in telephone conversations, in voicemails, through written correspondence, via email and other electronic communications, or on subscription agreements, investor questionnaires, applications or other forms (including any anti-money laundering, identification and verification documentation),
- Information about your transactions with us or others, and
- Information captured on our website, data rooms and/or investor reporting portal (as applicable), including registration information, information provided through online forms and any information captured via “cookies.”
Purposes for Collecting Personal Information: We may collect or disclose the personal information we collect about you for one or more of the following business or commercial purposes:
- performing services for you, including:
- the administrative processes (and related communication) in preparing for the admission of investors to our funds;
- ongoing communication with potential investors, their representatives, advisors and agents (including the negotiation, preparation and signature of documentation) during the process of admitting potential investors to our funds and the execution of all relevant agreements;
- the performance of obligations under the governing documents of our funds (and all applicable anti- money laundering, KYC and other related laws and regulations) in assessing suitability of potential investors;
- ongoing operations, administrative, accounting, reporting, account maintenance and other processes and communication required to operate our business and our funds in accordance with the governing documents and other documentation between the parties, including customer service, processing or fulfilling transactions, verifying personal information, processing contributions and distributions and financing;
- keeping investors informed about our business and our funds generally, including offering opportunities to make investments other than to the applicable fund and related advertising;
- administering, managing and setting up an investor’s account(s) to allow such potential investor to purchase its holding (of shares);
- facilitating the execution, continuation or termination of the contractual relationship between an investor and our funds; and
- facilitating the transfer of funds, and administering and facilitating any other transaction, between an investor and our funds.
- auditing and verifications related to investor interactions, including verifying the quality and effectiveness of services and compliance;
- maintaining the safety, security and integrity of our products and services, databases, technology assets and business, including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
- enabling any actual or proposed assignee or transferee, participant or sub-participant’s rights or obligations to evaluate proposed transactions;
- facilitating business asset transactions involving the investment fund/limited partnership or investment fund/limited partnership-related vehicles; and
- complying with laws, rules and regulations.
Disclosure of Information: We may disclose any of the categories of non-public personal information about you set out in the “Information We Collect” Section above as permitted by law or regulation and to affiliates and service providers, including administrators, lenders, banks, auditors, law firms, governmental agencies or pursuant to legal process, self-regulatory organizations, consultants and placement agents.
Former Investors and Clients: We may maintain non-public personal information of our former investors and clients and apply the same policies that apply to current investors and clients.
Information Security: We consider the protection of sensitive information to be a sound business practice, and to that end we employ physical, electronic and procedural safeguards, consistent with applicable law, which seek to protect your non-public personal information that we process or disclose to third parties.
Further Information: We reserve the right to change our privacy policies and this Privacy Notice at any time without prior notice. In the event that we change this Privacy Notice, we will make an updated version of this Privacy Notice available to you via email and/or our investment portal. The examples contained within this Privacy Notice are illustrations only and are not intended to be exclusive. This notice is intended to comply with the privacy provisions of applicable U.S. state and federal law, including with the privacy provisions of Regulation S-P under the Gramm-Leach-Bliley Act, and certain privacy provisions of other laws. To the extent there is any conflict between this Privacy Notice and the privacy requirements under the Gramm-Leach-Bliley Act and/or Regulation S-P (collectively the “GLB Rights”), the GLB Rights shall apply. You may have additional rights under other foreign or domestic laws that apply to you, including as set forth in our additional privacy notices.
If you have any questions or concerns relating to this Privacy Notice or the processing of your personal information hereunder or if you wish to exercise any opt-out rights, submit requests, appeal any of our decisions in connection with this Privacy Notice or to view this Privacy Notice in an alternate format, please contact 26North at [email protected].
EU and UK Privacy Notice
This EU and UK Privacy Notice (this “EU and UK Privacy Notice”) applies to the extent that EU and UK Data Protection Legislation (as defined below) applies to the processing of personal data by an Authorized Entity (as defined below). If this EU and UK Privacy Notice applies, the data subject has certain rights with respect to such personal data, as outlined below.
For this EU and UK Privacy Notice, “EU and UK Data Protection Legislation” means all applicable legislation and regulations relating to the processing and/or protection of data or information that is capable, whether directly or indirectly, of identifying a natural person, in each case as in force from time to time in the EU, the EEA or the UK, including: (i) Regulation (EU) 2016/ 679 (the “General Data Protection Regulation”); (ii) the General Data Protection Regulation as it forms part of the laws of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union Withdrawal Act 2018; (iii) any other legislation which implements any other current or future legal act of the EU or the UK concerning the protection and processing of personal data and any national implementing or successor legislation; and (iv) any amendment or re-enactment of any of the foregoing. The terms “controller,” “processor,” “data subject,” “personal data” and “processing” in this EU and UK Privacy Notice shall be interpreted in accordance with the applicable EU and UK Data Protection Legislation. Unless the context otherwise requires, as used herein the words “include,” “includes” and “including” shall be deemed to be followed by the phrase “without limitation”. All references to “investor(s)” in this EU and UK Privacy Notice shall be to such actual or potential investor(s) and, as applicable, any of such investor(s)’ partners, officers, directors, employees, shareholders, members, managers, ultimate beneficial owners and affiliates.
Please direct any questions arising out of this EU and UK Privacy Notice to 26North at [email protected].
Categories of personal data collected and lawful bases for processing
In connection with forming, offering and operating funds for investors, 26North and its portfolio companies, their affiliates, and in each case, their administrators, service providers, legal and other advisors and agents (the “Authorized Entities”) collect, record, store, adapt and otherwise process and use personal data, either relating to investors or to their partners, officers, directors, employees, shareholders, ultimate beneficial owners of affiliates or to any other data subjects, including from the following sources:
- information received in telephone conversations, in voicemails, through written correspondence, via email, or on subscription agreements, investor questionnaires, applications or other forms (including any anti-money laundering, identification and verification documentation);
- information about transactions with any Authorized Entity or others;
- information captured on any Authorized Entity’s website, fund data room and/or investor reporting portal (as applicable), including registration information and any information provided through online forms and any information captured via “cookies”; and
- information from publicly available sources, including from:
- publicly available and accessible directories and sources;
- bankruptcy registers;
- tax authorities, including those that are based outside the UK and the EEA if the applicable data subject is subject to tax in another jurisdiction;
- governmental and competent regulatory authorities to whom any Authorized Entity has regulatory obligations;
- credit agencies; and
- fraud prevention and detection agencies and organizations.
Any Authorized Entity may process the following categories of personal data:
- names, dates of birth and birth place;
- contact details and professional addresses (including physical addresses, email addresses and telephone numbers);
- account data and other information contained in any document provided by investors to the Authorized Entities (whether directly or indirectly);
- risk tolerance, transaction history, investment experience and investment activity;
- information regarding an investor’s status under various laws and regulations, including social security number, tax status, income and assets;
- accounts and transactions with other institutions;
- information regarding an investor’s interest in a fund, including ownership percentage, capital investment, income and losses;
- information regarding an investor’s citizenship and location of residence;
- source of funds used to make the investment in a fund; and
- anti-money laundering, identification (including passport and drivers’ license) and verification documentation.
Any Authorized Entity may, in certain circumstances, combine personal data it receives from an investor with other information that it collects from, or about such investor. This will include information collected in an online or offline context. In addition, personal data of investors could be processed and controlled irrespective of whether such investor is admitted to a fund as a stockholder.
One or more of the Authorized Entities are “controllers” of personal data collected in connection with the funds. In simple terms, this means such Authorized Entities: (i) “control” the personal data that they or other Authorized Entities collect from investors or other sources; and (ii) make certain decisions on how to use and protect such personal data.
There is a need to process personal data for the purposes set out in this EU and UK Privacy Notice as a matter of contractual necessity under or in connection with an agreement entered into or being negotiated between the relevant Authorized Entity and investor or data subject (“26North Documentation”), pursuant to applicable legal obligations and, in the legitimate interests of the Authorized Entities (or those of a third-party), to operate their respective businesses. From time to time, an Authorized Entity may need to process the personal data on other legal bases, including the following: (i) with consent; (ii) if it is necessary to protect the vital interests of an investor or other data subjects; or (iii) if it is necessary for a task carried out in the public interest.
A failure to provide the personal data requested to fulfill the purposes described in this EU and UK Privacy Notice may result in the applicable Authorized Entities being unable to provide the services as contemplated by 26North Documentation.
Purpose of processing
The applicable Authorized Entities process the personal data for the following purposes (and in respect of paragraphs (iii), (iv), (vi), (viii), and (ix) in the legitimate interests of the Authorized Entities (or those of a third- party)):
- (i) The performance of its contractual and legal obligations (including applicable anti-money laundering, KYC and other related laws and regulations), including in connection with assessing suitability of investors in a fund.
- (ii) The administrative processes (and related communication) carried out between the Authorized Entities in preparing for the admission of investors to a fund.
- (iii) Ongoing communication with investors, their representatives, advisors and agents (including the negotiation, preparation and signature of documentation) during the process of admitting investors to a fund.
- (iv) The ongoing administrative, accounting, reporting and other processes and communications required to operate the business of the funds in accordance with applicable documentation between the parties.
- (v) To administer, manage and set up your investor account(s) to allow you to purchase your holding (of shares) in the funds.
- (vi) To facilitate the execution, continuation or termination of the contractual relationship between you and 26North (as applicable).
- (vii) To facilitate the transfer of funds, and administering and facilitating any other transaction, between you and 26North (and any other funds operated by 26North or its affiliates).
- (viii) To enable any actual or proposed assignee or transferee, participant or sub-participant of 26North (and any other funds operated by 26North or its affiliates) rights or obligations to evaluate proposed transactions.
- (ix) To facilitate business asset transactions involving 26North’s partnership or 26North-related vehicles (and any other funds operated by 26North or its affiliates).
- (x) Any legal or regulatory requirement.
- (xi) Keeping investors informed about the business of 26North generally, including offering opportunities to make investments other than to the funds in which such investors currently invest.
- (xii) Any other purpose for which notice has been provided, or has been agreed to, in writing.
The Authorized Entities monitor communications where the law requires them to do so. The Authorized Entities also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect their respective businesses and the security of their respective systems.
Sharing and transfers of personal data
In addition to disclosing personal data amongst themselves, any Authorized Entity may disclose personal data, where not prohibited by EU and UK Data Protection Legislation, to other service providers, employees, agents, contractors, consultants, professional advisors, lenders, processors and persons employed and/or retained by them in order to fulfill the purposes described in this EU and UK Privacy Notice. In addition, any Authorized Entity may share personal data with regulatory bodies having competent jurisdiction over them, as well as with tax authorities, auditors and tax advisors (where necessary or advisable to comply with law).
Any Authorized Entity may transfer personal data cross-border, including to a Non-Equivalent Country (as defined below), in order to fulfill the purposes described in this EU and UK Privacy Notice and in accordance with applicable law, including where such transfer is a matter of contractual necessity to enter into, perform and administer 26North Documentation, including the subscription agreement, and to implement requested pre-contractual measures. For information on the safeguards applied to such transfers, please contact 26North. For the purposes of this EU and UK Privacy Notice, “Non-Equivalent Country” shall mean a third country under the UK and EU Data Protection Legislation which has not at the relevant time been determined by the relevant authority to ensure an adequate level of protection for personal data.
Retention and security of personal data
26North considers the protection of personal data to be a sound business practice, and to that end, employs appropriate technical and organizational measures, including robust physical, electronic and procedural safeguards to protect personal data in their possession or under their control.
Personal data may be kept for as long as it is required or advisable for legitimate business purposes, to perform contractual obligations or, where longer, such longer period as is required to comply with applicable legal or regulatory obligations. Personal data will be retained throughout the life cycle of any investment in a fund. However, some personal data will be retained after a data subject ceases to be an investor in a fund.
Data Subject Rights
It is acknowledged that, subject to applicable EU and UK Data Protection Legislation, the data subjects to which personal data relates have the following rights under EU and UK Data Protection Legislation: to obtain information about, or (where applicable) withdraw any consent given in relation to, the processing of their personal data; to access and receive a copy of their personal data; to request rectification of their personal data; to request erasure of their personal data; to exercise their right to data portability; and to exercise their right not to be subject to automated decision-making. Please note that the right to erasure is not absolute, and it may not always be possible to erase personal data on request, including where the personal data must be retained to comply with a legal obligation. In addition, erasure of the personal data requested to fulfill the purposes described in this EU and UK Privacy Notice may result in the inability to provide the services as contemplated by 26North Documentation.
In case a data subject to whom personal data relate disagrees with the way in which their personal data is being processed in relation to 26North Documentation, the data subject has the right to object to this processing of personal data and request restriction of the processing. The data subject may also lodge a complaint with the competent data protection supervisory authority in the relevant jurisdiction.
A data subject may raise any request relating to the processing of their personal data with 26North at the contact information provided above.
CALIFORNIA PRIVACY NOTICE
This notice (this “California Privacy Notice”) supplements the Privacy Notice set forth above with respect to specific rights granted under the California Consumer Privacy Act of 2018, as amended (the “CCPA”) to natural person California residents and provides information regarding how such California residents can exercise their rights under the CCPA. This supplement is only relevant to you if you are a resident of California as determined in accordance with the CCPA. Information required to be disclosed to California residents under the CCPA regarding the collection of their personal information that is not set forth in this CCPA supplement is otherwise set forth above in the Privacy Notice. To the extent there is any conflict with the privacy requirements under the Gramm-Leach- Bliley Act and/or Regulation S-P (“GLB Rights”), GLB Rights shall apply.
Categories of Personal Information We Collect
We may collect or, within the last twelve (12) months, may have collected some or all of the following categories of personal information from individuals:
Category | Examples |
---|---|
A. Identifiers | Name, contact details and address (including physical address, email address and Internet Protocol address), and other identification (including social security number, passport number and driver’s license or state identification card number). |
B. Additional data subject to Cal. Civ. Code § 1798.80 | Telephone number, signature, bank account number, other financial information (including accounts and transactions with other institutions and anti-money laundering information), and verification documentation and information regarding investors’ status under various laws and regulations (including social security number, tax status, income and assets). |
C. Protected classification characteristics under California or federal law | Date of birth, citizenship and birthplace. |
D. Commercial information | Account data and other information contained in any document provided by investors to authorized service providers (whether directly or indirectly), risk tolerance, transaction history, investment experience and investment activity, information regarding a potential and/or actual investment in the applicable fund(s), including ownership percentage, capital investment, income and losses, source of funds used to make the investment in the applicable fund(s). |
F. Internet or other similar network activity | Use of our website, fund data room and investor reporting portal (e.g., cookies, browsing history and/or search history), as well as information you provide to us when you correspond with us in relation to inquiries. |
G. Geolocation data | Physical location or movements. |
I. Professional or employment-related information | Current or past job history or performance evaluations. |
K. Inferences drawn from other personal information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
L. Sensitive Personal Information | Social security, driver’s license, state identification card, or passport numbers; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic data; the contents of a consumer’s mail, email, and text messages unless you are the intended recipient of the communication; biometric information for the purpose of uniquely identifying a consumer; and personal information collected and analyzed concerning a consumer’s health, sex life, or sexual orientation. |
We do not collect or use sensitive personal information other than:
- To perform services, or provide goods, as would reasonably be expected by an average consumer who requests those goods or services;
- As reasonably necessary and proportionate to detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
- As reasonably necessary and proportionate to resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for such actions;
- As reasonably necessary and proportionate to ensure the physical safety of natural persons;
- For short-term, transient use (but not in a manner that discloses such information to another third-party or is used to build a profile of you or otherwise alter your experience outside of your current interaction with us); and
- To perform services on behalf of our business.
Purposes for Collecting Personal Information
We may collect or disclose the personal information we collect about you for one or more of the business or commercial purposes set forth in the “Purposes for Collecting Personal Information” section of the general Privacy Notice above. We retain the categories of personal information set forth above in the “Categories of Personal Information We Collect” section of this California Privacy Notice for only as long as is reasonably necessary for those purposes set forth above, except as may be required under applicable law, court order or government regulations.
Disclosure of Information
We do not sell or share for the process of cross-contextual behavioral advertising (as such terms are defined in the CCPA) any of the personal information we collect about you to third parties. In the preceding twelve (12) months, we have not sold or shared for the process of cross-contextual behavioral advertising any of the personal information we collect about you to third parties. We do not disclose any non-public personal information about you to anyone, except as permitted or required by law or regulation.
Within the last twelve (12) months, we have disclosed personal information collected from you for a business purpose to the categories of third parties indicated in the chart below. We may also disclose your information to other parties as may be required by law or regulation, or in response to regulatory inquiries.
Personal Information Category | Category of Third-Party Recipients |
---|---|
A. Identifiers | Affiliates, vendors, and lenders |
B. Additional data subject to Cal. Civ. Code § 1798.80 | Affiliates, vendors, and lenders |
C. Protected classification characteristics under California or federal law | Affiliates, vendors, and lenders |
D. Commercial information | Affiliates and vendors |
F. Internet or other similar network activity | Affiliates and vendors |
G. Geolocation data | Affiliates and vendors |
I. Professional or employment-related information | Affiliates, vendors, and lenders |
K. Inferences drawn from other personal information | Affiliates and vendors |
Rights under the CCPA
Deletion Rights
You have the right to request that we delete any of your personal information that we retain, subject to certain exceptions, including our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
Disclosure and Access Rights
You have the right to request that we disclose to you certain information regarding our collection, use, disclosure and sale of personal information specific to you over the last twelve (12) months. Such information includes:
- The categories of personal information we collected about you;
- The categories of sources from which the personal information is collected;
- Our business or commercial purpose for collecting such personal information;
- Categories of third parties to whom we disclose the personal information;
- The specific pieces of personal information we have collected about you; and
- Whether we disclosed your personal information to a third-party, and if so, the categories of personal information that each recipient obtained.
Correction Right
You have the right to request that we correct any inaccuracies in the personal information that we retain, subject to certain statutory exceptions, including our compliance with U.S., state, local and non-U.S. laws, rules and regulations. We will notify you in writing if we cannot comply with a specific request and provide an explanation of the reasons.
No Discrimination
We will not discriminate against you for exercising your rights under the CCPA, including by denying service, suggesting that you will receive, or charging, different rates for services or suggesting that you will receive, or providing, a different level or quality of service to you.
How to Exercise Your Rights
To exercise any of your rights under the CCPA, ask any questions about this California Privacy Notice, or access this California Privacy Notice in an alternative format, please submit a request on your behalf using any of the methods set forth below.
Call us using one of the following toll-free numbers:
+1-855-550-0007 (English hotline); or
+1-888-330-0004 (Spanish hotline).
Submit a request online using the following online form: https://www.lighthouse-services.com/26n/privacy.
Email us at the following email address: [email protected].
Within ten (10) business days, we will contact you to confirm receipt of your request under the CCPA and request any additional information necessary to verify your request. We verify requests by matching information provided in connection with your request to information contained in our records. Depending on the sensitivity of the request and the varying levels of risk in responding to such requests (for example, the risk of responding to fraudulent or malicious requests), we may request your investor portal access credentials in order to verify your request. You may designate an authorized agent to make a request under the CCPA on your behalf, provided that you provide a signed agreement verifying such authorized agent’s authority to make requests on your behalf, and we may verify such authorized person’s identity using the procedures above. If we request you verify your request and we do not receive your response, we will pause processing your request until such verification is received.